Files beginning with r

Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Part of Windows System Restore and added as a RunOnce registry entry. Leave alone

Added by the BOXED-H TROJAN!

Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number

BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the SEEKER.K TROJAN!

Registration reminder for @loha@home E-mail utility

BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Popup reminder to take the tour of your new Acer laptop

Part of Acronis Privacy Expert - anti-spyware and security suite

Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly

Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly

Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly

Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly

Detected by Trend Micro as the INJECT.IB TROJAN! See here

ISP software, initializes DSL modem

Part of Panda Antivirus . Is this an update reminder (guess because of the name), virus definition update reminder or something similar?

Loads ADSL modem Control Panel applet

ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality

ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality

Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"

Audio control panel?

AUNPS adware

Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example

Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension

Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in %System%

Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in %System%

Added by the AGENT.PKZ TROJAN!

??

Birthday Reminder 5.0 - as the name implies

CommonName Toolbar spyware. To uninstall see here

Added by the VB-ZD TROJAN! Note - this file is located in the C:Windowshelp folder, and is not to be confused with the legitimate rundll32.exe file!

Displays battery status information on an IBM Thinkpad

BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings

"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"

BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

IBM Thinkpad battery management utility that logs changes in battery conditions such as charging, discharging, etc

Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup

Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window

Battery power management utility for Lenovo (IBM) ThinkPad laptops

BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in the Winnt or Windows folder

Flingstone.com browser hijacker

Added by the BRONTOK-J or BRONTOK-L WORMS!

BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in the Winnt or Windows folder

Display Client for the BuzMe Internet Call Waiting Service

BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in the Winnt or Windows folder

BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in the Winnt or Windows folder

For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs

Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change

Part of the closed caption decdoder/MS VBI codec. Should only run once

CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in the Winnt or Windows folder

BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in the Winnt or Windows folder

Added by the AEBOT.K WORM!

Added by the QQPASS-U TROJAN!

"Switch" premium rate adult content dialler variant

??

System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel

Registers the Control Panel applet for a C-Media PCI sound card

CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Cognizance Corp Identity And Access Management suite

Added by a variant of the IRC TROJAN!

??

Added by the GAOBOT.YN WORM!

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

CoolWebSearch Msconfd parasite variant

CoolWebSearch parasite variant

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

Razer Copperhead mouse driver

If you don't want to register Corel products and be reminded about it every 2 weeks disable it

If you don't want to register Corel products and be reminded about it every 2 weeks disable it

Added by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS

Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the LEGMIR-AW TROJAN!

SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Homepage hijacker

DeadAIM - feature enhancing product for AOL's Instant Messenger program

CoolWebSearch parasite variant

Added by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

Appears to be related to older Creative Soundblaster soundcards

Added by the GRUEL WORM!

Added by the RBOT-PR WORM!

Unidentfied malware

Added by a variant of the SDBOT WORM!

Added by the LAZAR TROJAN!

DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:WINDOWSSystem32spooldriversW32x863DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help here

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work

Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

KidsWatch Time Control parental control software

Hijacker - drvupd.inf file installs a "searchforge.com" hijack

Identified as a variant of the AdWare.Win32.ZenoSearch.am malware

Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem

EReg is a software registration tool incorporated on products such as those by Br?derbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it

Added by the LAZAR.B TROJAN!

CNNIC Update pest

Related to Windows Media Center from Microsoft

Added by the CAMPURF WORM!

Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice

Added by the RBOT.BQJ WORM!

AdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

Added by the AKBOT-AA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "fstsvc.dll" file is found in %System%

Related to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others)

Added by the CAY TROJAN!

Topconverting.com180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name

Added by the AKBOT.EG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gddlib.dll" file is found in %System%

Added by the GAOBOT.UJ or GAOBOT.UL WORMS!

Added by the GAOBOT.SY WORM!

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

Detected by Kaspersky as the AGENT.AOU TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the BEAGLE.C WORM!

USB DSL modem related - [what does it do and is it required in startup?

Unidentified adware, spyware or virus

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

HP multifunction registration

Added by a variant of the ORCU.B TROJAN!

HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID

Added by the QQPASS-U TROJAN!

Added by the BANKER-EHG TROJAN!

HP multifunction registration

HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines

Topconverting.com180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

IKL surveillance software. Uninstall this software unless you put it there yourself

CoolWebSearch parasite variant

Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner

Added by the FORTNIGHT.D TROJAN!

Added by the RBOT-AJG WORM!

Intel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Detected by Trend Micro as the DLOADER.UZO TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the BANKER-EHG TROJAN!

Added by the RBOT-DDJ WORM!

Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Microsoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer

Added by the AGENT.AT TROJAN!

Added by the LIXY TROJAN!

CoolWebSearch Oemsyspnp parasite variant

Added by the QuickLinks/Forethought adware

PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online

Razer Krait mouse driver

DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Razer Lachesis mouse driver

Added by the REPEATLD WORM!

Audio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs

Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the AKBOT-AI WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "libtec.dll" file is found in %System%

Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program

Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program. Note that the "MMFS.DLL" file is located in the Winnt or Windows folder

Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway

Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the "inf" sub-folder

??

Added by the WOWCRAFT TROJAN!

Added by the LOOKED-CK WORM!

Mshtmpre adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mshtmpre.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the Root folder (C:), (D:), etc

Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the Windowsinf or Winntinf folder

Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings

Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"

Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll

Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line

Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the KANGAROO-A WORM!

123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folder

RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone

Identified as a variant of the Trojan-Clicker.Win32.Agent.bqy malware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rgtndz.dll" file is found in %System%

Added by the MULTIDRP.BG TROJAN!

Added by the AKBOT-AG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ltssvc.dll" file is found in %System%

Added by the LINEAGE-BI TROJAN!

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)

Added by a variant of the RBOT WORM!

Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs

Used with a USB based smartmedia card reader

Creative Filter AudioControlMB Module - related to the Creative Audigy line of sound cards. What does it do and is it required?

Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis

Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".

Added by the GRUEL WORM!

Added by the RELFEERWORM!

Added by the IRCBOT.BK WORM!

Added by the RBOT-GHO WORM!

Added by the RBOT-GGU WORM!

Added by the RBOT-GSJ WORM!

Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in a "dll" subfolder of the Winnt or Windows folder

Added by a variant of the RBOT WORM!

Added by the RBOT-GRG WORM!

Added by the RBOT-FSH WORM!

Added by a variant of the IRCBOT TROJAN!

Detected by Trend Micro as the SHEUR.HC WORM! See here

Added by a variant of the IRCBOT.ARD WORM!

Added by the IRCBOT.ARD WORM!

Added by a variant of the IRCBOT TROJAN!

Added by the AGOBOT.AVS WORM!

Added by the POPO-A WORM! Note - this is NOT the Windows system file of the same name as described here

Added by a variant of the SDBOT WORM!

Detected by Kaspersky as the CIADOOR.GN BACKDOOR! See here

Detected by Kaspersky as the RBOT.AIE BACKDOOR! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by a variant of the RBOT WORM!

Added by the RBOT.EP WORM!

Added by the RBOT.FC WORM!

Added by the RBOT-PS WORM!

Added by the RBOT-LL WORM!

Added by an unidentified WORM or TROJAN!

Added by the HABRACK WORM!

Added by a variant of the IRCBOT TROJAN!

Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour

Shows the Welcome Center every time you boot into Windows Vista

Added by the RBOT-AGF WORM!

Added by the RBOT-AFQ WORM!

Added by the DLOADR-BMV TROJAN!

Added by the RBOT-AFS WORM!

??

Added by the RBOT-ZY WORM!

??

Added by the FUNNER-A WORM!

Part of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"

Added by the LOVGATE.C WORM!

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

Added by the RBOT.MR WORM!

Detected by Trend Micro as the AGENT.ADXH TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the WEKODE-B WORM!

Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvkoc.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvsoh.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by a variant of the SDBOT WORM!

RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way

Added by the SDBOT-BPY WORM!

Microsoft Message Queue Server - Internal Certificate - see here for more info and here for a potential problem. Is it required?

Added by a variant of the SPYBOT WORM!

Added by the MYTOB-DY WORM!

Homepage hijacker that changes your homepage to an adult content site

EHU adware. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name

Yuupsearch adware

Added by an unidentified WORM or TROJAN!

Added by a variant of the RBOT-FOU WORM!

MyWebSearch parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the MAPSON.D WORM!

Added by the NAVU TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the DOOMJUICE.B WORM! Note - this is not the valid Ahead Nero CD/DVD burning program. Also, it is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the WOOTBOT.D WORM!

Added by the RBOT.ABH WORM!

NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

NewDotNet foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

NodFix is a is a potentially unwanted application. This application is given an (X) status because we does not and will not support Cracks or Warez. Do not delete the regedt32.exe as it is the legitimate Windows application. NodFix interferes with the default settings of the NOD32 AV application allowing to bypass its free using period as well as changes the default update server to that eval signatures thus allowing to update NOD32 without password. Note - to avoid interfering with the NOD32 application original settings no full cleanup can be provided

Added by the RBOT-AJC WORM!

ntl Netguard - anti-virus a package of services, specifically designed to keep you safe and secure with their ntlworld online services

NTL Freedom dial-up ISP software - not required

Overclocking utility for nVidia based graphics cards?

Associated with Nvidia based graphics cards

Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card

Added by the AGOBOT-TO WORM! Note - the valid version of this entry has the command line as "rundll32.exe NvCpl.dll,NvStartup"

System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)

Intializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card

Enables the use of "hot keys" for changing setting on Nvidia graphics

System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties

This is a DLL to enable multiple display monitors on a single computer. It can be a cause of numerous problems on some computers

Thought to enable the clock frequency option on nVidia control panels. You can overclock without leaving this enabled

System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties

System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties

System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties

Related to NVIDIA graphics cards

Added by the AKBOT.BA WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxgsvc.dll" file is found in %System%

Added by the AKBOT.BD WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "nxosys.dll" file is found in %System%

Autodetects when a digital camera is attached to a USB port and launches OfotoNow image software. Available via Start -> Programs

Added by a variant of the SPYRE.B TROJAN!

BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "oo4.dll" file is located in the Winnt or Windows folder

Adult content dialler

Adult content dialler

Unsavoury program that resets your homepage every time you restart - uncheck in MSCONFIG and delete it via a registry edit

Third party tweaker for ATI Rage 128 Video cards from http://www.rageunderground.com

MarketScore parasite - ActiveX control used to download premium-rate dialers

MarketScore parasite - ActiveX control used to download premium-rate dialers

PurityScan/Clickspring adware. The executable is located in the user's "Application Data" folder or the Program Fileshtwu folder

ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality

Related to Creative audio products. What does it do and is it required?

Registration reminder for Palm products

Loads the drivers associated with monitoring scanner status associated with PaperPort software. Can be a resource hog - see here

Registration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2

Apparently the monitoring device for PC Doctor Online. It provides a "free" examination on system files (i.e. registry), reports the number of errors it finds, and invites you to "order" the fee-based fixes from its web site

Part of PC Doctor software installed for some machines. Disabling or enabling it is down to your preference

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Controls the remote control on some Pinnacle TV tuners

Nuance (was Scansoft) PDF Converter Registry Controller related - what does it do and is it required?

Sony Picture Package software for their range of Digital Handycam video cameras. Used to connect the camcorder via USB and allows the user to burn the content directly to a CD

Registration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "pdfupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

AdRotator adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "atgban.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

AdRotator adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "gzmrt.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the SURDUX TROJAN!

Added by the INMOTA WORM!

Appears to be Toshiba power management related

Software found on Acer computers from Wistron. Information suggests it maps keyboard buttons to operating system functions

Added by the LOVGATE-W WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller

Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller

Added by an unidentified TROJAN, WORM or other malware! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

IBM's proprietary 'battery maximiser' and power monitoring software for laptops

Added by the DLOADR-AVD TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qkoszvd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Adult content dialler

Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the MIMAIL.S WORM!

Related to RaboBank electronic banking software

RaLink wireless LAN configuration utility

Radarsync utility comes from DFI with their latest motherboards, e.g., DFI LanParty Ultra - checks for BIOS and driver updates periodically

RadLinker - tweaker/linker for ATI Radeon based graphics cards. It allows you easy access to per game settings

Radio365 - create playlists and broadcast live straight from your PC!

Used to configure wire less networks. Windows automatically detects the Wireless network and it configures the network

VIA V-RAID Tool - hard disk striping/mirroring utility for increased performance and reliability

Rainlendar is a customizable calendar that displays the current month

Rainlendar is a customizable calendar that displays the current month

Rainmeter is a customizable performance meter, which can display the CPU load, memory utilization, etc

RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind

Optionally installed with some DVD drives (LG, Panasonic, etc). Disables Windows XP's CD-burning abilities because they cause some incompatibilities. It does not affect your ability to burn CDs. If you do not have this program running, you may have some compatibility issues with burnt DVDs

Added by the AKAK TROJAN!

Ram Def Xtreme - monitors and defragments your system RAM to improve reliability and speed. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind

Virtual Hard Drive (Ram Drive) from Farstone - takes a portion of your system memory (RAM) and uses it to simulate a hard disk drive

RAM Idle LE - "A smart memory management program that will keep your computer running better, faster, and longer. RAM Idle works by freeing up physical RAM wasted by Windows and other applications. In addition, RAM Idle also includes Cache and startup manager program that will give you more power to optimize your Windows." MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind

Small Windows utility that displays the amount of available memory in an icon in the System Tray. It can also free memory by double clicking the tray icon, or by setting a threshold that activates the program automatically, or by having it run automatically when an application exits. RAMpage is free, and open source

Added by the DLOADER-KM TROJAN!

Added by the DELBOT-P WORM!

Added by the DELBOT-L WORM!

Added by the RBOT-ZB WORM!

Application protection component of BlackICE PC Protection (was Defender) firewall, informing you of any modifications to programs, files or folders and detecting unknown programs trying to launch

Added by the QQPASS-V TROJAN!

Added by the QQPASS-S TROJAN!

Added by the PWS-ACP TROJAN!

XPoint "Rapid Restore PC" - a "Managed Recovery? solution that enables IT Administrators to protect the corporate image, while offloading personal data backup and recovery chores to the end user"

RapidBlaster parasite. Recommended you use RapidBlaster Killer to uninstall - see here

Added by the QQPASS-AA TROJAN!

Added by the QQPASS-AB TROJAN!

Added by the SPYBOT.EM WORM!

Hijacker, also detected as the ADWAHECK TROJAN!

Added by the BCKDR-QGN TROJAN!

Added by the FEUTEL-H TROJAN!

RAV anti-virus related

Added by the BDOOR-DIJ TROJAN! Note - this file is located in the %WinDir% directory, and must NOT be confused with the legitimate RAV antivirus file of the same name!

Added by the RJUMPF-F WORM!

DownloadReceiver parasite - no longer in existence

RAV AntiVirus

Added by the AGENT.OKZ TROJAN!

Rising antivirus

Added by the DLOADER.IYT TROJAN!

Rising antivirus

RAV AntiVirus

Added by the QQPASS-T TROJAN!

??

Razer mouse driver

RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here

RapidBlaster variant (in a "RapidBlaster" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here

RapidBlaster variant (in a "RBEnhance" folder in Program Files) where *** represents random digits. Recommended you use RapidBlaster Killer to uninstall - see here

Added by the RANDEX.BLD WORM!

Added by the SDBOT-DHK WORM!

"Switch" premium rate adult content dialler variant

Scheduler for VCOM's Recovery Commander - which "can restore your non-booting system back to normal. It only takes a few minutes to get your system back up and running"

PrizeSurfer related. "PrizeSurfer is the free software that automatically enters you to win cash and prizes just for surfing the web and shopping online!" Stealth installed malware

Remote Disconnection Utility from Twiga. Used for connecting and disconnecting dial up connections on a network - only needed if there is a shared internet connection

Added by the SDBOT.F TROJAN!

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "readdb40.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Tray icon to set various configuration settings for Sunkist (and maybe other) media card readers

Real Jukebox - MP3 and music files player

Added by a variant of the SPYBOT WORM!

Added by a variant of the RBOT WORM!

Added by the PARLAY TROJAN!

Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player

DownloadWare adware

Added by the CEEGAR TROJAN! Note - this is not associated with the popular RealPlayer media player

Added by the AGOBOT.AFR WORM!

Download manager. Available via Start -> Programs

Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs

System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences

RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name

RapidBlaster variant (in a "RealPlay" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not RealPlayer which can have the same executable name

System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences

Added by the MYTOB.AG WORM!

Added by the AGOBOT-AAD WORM! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name

Added by the RBOT-NK WORM!

Added by a variant of the RBOT WORM!

Added by the DELF.CNV TROJAN!

Added by the LOHAV-T TROJAN!

RealPopup - "Replaces old winpopup with a full featured freeware tool which remains stable and simple as its predecessor"

Application Scheduler installed along with RealOne Player. Runs independently of RealOne Player, to remind AutoUpdate and Message Center to perform their tasks at pre-scheduled intervals. If it can't be disabled try deleting or renaming realsched.exe and then delete the entry in the registry

RealSPEED - tweaking utility to speed-up your internet connection

Realtime scanner part of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates

Product description in properties is "InternetExplorerCommunicationAgent Module" ?

Chinese originated adware - detected by Panda antivirus as NewWeb. Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name

System Tray icon for RealPlayer. If you subsequently start RealPlayer manually it adds itself back to the start-up list. You can stop this from happening by right-clicking on the tray icon and disabling StartCenter via Preferences

Added by the PARLAY or MITGLIEDER.I TROJANS!

RebateNation adware

MS-DOS/Win3.1 utility use to clean boot a system. Sometimes installed by default from some driver CDs for motherboards

On HP computers, Recguard prevents the deletion or corruption of the WinXP Recovery Partition. Without it enabled, it is possible to knock that completely out and force the customer to send the PC back to HP for a re-image, possibly at the customer's expense

Reclip Popup Clipboard manager

SmartPops search hijacker

Added by the ANAFTP-01 TROJAN! Note - this is NOT the Windows system file of the same name as described here

Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry

Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry

Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry

Part of a DSL installer package from SBC (probably SBC/Yahoo DSL). If the installation is botched, this entry may be left in the registry

Recording scheduler for WatchTV Capture Card (TV Tuner card)

Added by the SHUCKBOT-A TROJAN!

Added by the RBOT.DDA WORM!

PMS prediction program with modes for guys and girls - no longer available

Red_Swoosh distributed networking software - a desktop client that enables users to download and stream files from each other, rather than from webservers

Dotcomtoolbar/Linksummary hijacker installer - where * is a random digit

Added by the RANDEX.AL WORM!

MediaComm's monitor for file association changes. Stop rogue programs from screwing your settings either on installation or whenever they run

Reflex Vision from Increment Software. "A background application for Windows XP that makes switching windows faster and easier"

(Iomega) Refresh - loads the Iomega desktop icons at startup

Passon homepage hi-jacker

Added by the RBOT.ZW WORM!

Hijacker - redirecting to only-virgins.com

Added by the NOUPDATE.B TROJAN!

CoolWebSearch parasite variant - also detected as the STARTPA-M TROJAN!

"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free"

"Registry Clean Expert scans the Windows registry and finds incorrect or obsolete information in the registry. By fixing these obsolete information in Windows registry, your system will run faster and error free"

Added by the POLDO.B TROJAN!

Added by the DASMIN-E TROJAN!

Added by the BANCOS-BW TROJAN!

Added by the BANCOS.DK TROJAN! Note that the filename has a leading space, ie, " REGCXMARQ.EXE"

Added by the COIBOA-D TROJAN!

"RegDefend is a configurable, kernel based registry protection system, designed to intercept selected changes before they occur, thus also preventing malicious software like viruses, trojans and worms from using the registry to their advantage"

Added by the BRID.A WORM! Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the SOUTHGHOST WORM!

Added by the GANBATE.A WORM! Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "securityDatabase" subfolder

Added by the VOUMIT-A WORM! Note - this is not the legitimate regedit32.exe application which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder

Added by the QQPASS-U TROJAN!

RegFreeze anti-spyware software

??

Added by the SDBOT.AYH WORM!

If you don't want to register MediaRing and be reminded about it every bootup disable it

??

Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation

Registration for Pinnacle Studio Version 8 home video software from Pinnacle Systems

Added by the SDBOT TROJAN!

Registry Cleaner misleading security software - not recommended, see here

Added by a variant of the AGOBOT/GAOBOT WORM!

Added by the GAOBOT.AO WORM!

Added by the QKH TROJAN!

Added by the ARIVER.A WORM!

Added by a variant of the OPTIX TROJAN!

Added by the WEBMONEY-G TROJAN!

Added by the RBOT-GM WORM!

Added by a variant of the IRCBOT TROJAN! See here

Added by a variant of the RBOT WORM!

Added by the DELBOT-I WORM!

Added by the CILE TROJAN!

Added by a variant of the IRCBOT BACKDOOR! See here

Added by the RBOT-AFT WORM!

Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

RegistryCleanFix misleading security program - not recommended, see here

Registry Mechanic - "you can safely clean and repair Windows registry problems with a few simple mouse clicks! Problems with the Windows registry are a common cause of Windows crashes and error messages"

Affilred adware

Part of the OCR software TextBridge Pro 9.0 (and possibly earlier versions). Typically used with imaging devices such as scanners and digital cameras for creating text documents from images. This item will probably be displayed twice and will re-instate itself whenever you start the main program so leave it - once started it frees the memory it used. Its purpose and an explanation of how to correct a problem it creates for "Send To" can be found here. Note that you don't have to uninstall TextBridge for this fix to work and the program works fine afterwards. Not used on later versions of the software - hence the 'U' recommendation

DVD region killer part of CloneDVD from Elaborate Bytes AG. Copies the main movie, Special Features and/or the original menu onto a DVD Recordable or onto your harddisk

Added by the BEAGLE.DO WORM!

RegistryPowerCleaner misleading secuirty software - not recommended, see here

RegistryProt from Diamond Computer Systems - protects the system registry against changes

Added by the BANCOS-ED TROJAN!

Added by the OKARAG TROJAN!

Adware downloader - also detected as a variant of the LOWZONES.BW or AGENT.RD TROJANS!

Added by the WAYIC-A TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). The file is located in C:Windows

Added by the OPTIX-SE TROJAN!

Added by the TALEX TROJAN!

Related to XGI Technology's Volari graphics cards - what does it do and is it required?

Added by an unidentified VIRUS, WORM or TROJAN!

Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly

Added by the OPTIXPRO.11 TROJAN!

Added by the WINKO.AO WORM!

Added by the STOPED-A TROJAN!

Search hijacker - redirecting to scheo.com

Added by an unidentified TROJAN!

Homepage hijacker that changes your homepage to an adult content site

Added by the WEBMONEY-G TROJAN!

ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality

SafeSurfing adware

Rage3d Tweak - ATI Radeon tweaker which allows access to registry tweak options, custom display modes, refresh rates and overclocking all through an easy to use interface

Added by the LATINUS.16 TROJAN!

Added by the SYGYP.A WORM!

Added by the WILSEF VIRUS!

"Release RAM allows your computer to run faster and uses your computer's RAM more efficiently". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind

Added by the LOVELETTER.AS VIRUS!

Added by the LAZAR TROJAN!

BT Voyager ADSL Modem Help related

From MS Money. Reminds you of your bills

HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list

Registration reminder for the PC Pitstop Optimize 2.0 system optimizatoon utility by CA. Located in %ProgramFiles%\PCPitstop\Optimize2

Compaq printer Registration

HP CD-Writer Registration

Registration reminder widget for Rand Mcnally maps

Registration reminder for ScanSoft products such as PaperPort

Remind-Me - calendar software

HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list

Remote Control driver for LifeView internal and external TV products

Dial-up networking application - not normally found in the startup locations. It runs when you connect to the net via this method (ie, analogue 56K modem) and terminates after the connection is closed

Detected by PCTools as the IRCBOT.BIF TROJAN! See here

Added by the IRCBOT.BFA TROJAN!

Added by a variant of the IRCBOT TROJAN! See here

Added by the AGOBOT.KU WORM!

Added by a variant of the IRCBOT TROJAN! See here

Hinet Hi-Five ISP software

Detected by Trend Micro as the IRCBOT.YF TROJAN! See here

Required if you want your ASUS Remote control to work at all. Available via Start -> Programs

Added by the RBOT-MD WORM!

Added by the LOVGATE.F WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by a variant of the IRCBOT TROJAN! See here

Detected by Trend Micro as the IRCBOT.AUZ TROJAN! See here

Trend Micro's Office Scan Client, see here - "Its Web-based management console gives administrators transparent access to desktop and mobile clients to coordinate automatic deployment of security policies and software updates"

Remote control for Creative MediaSource - plays back music in DVD-Audio, MP3, WMA, WAV and other media formats

Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one

Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs

Related to a Belkin 54Mbps Wireless Utility Control Panel applet

GatorCheat - adware downloader

RemoveIT Pro from InCode Solutions - spyware, virus and malware removal tool

Part of McAfee's Remote Desktop 32 Agent application. What does it do and is it required?

Added by the YABE.CD TROJAN!

Replay Radio - "makes it easy to automatically record your favorite radio shows, so you can listen wherever and whenever you like"

Cerience RepliGo software - "any document you have on your PC can be transferred to your mobile device"

Added by a variant of the MUQUEST.A trojan - NOTE: the * stands for a digit, examples: requester.5.exe, requester.10.exe

Added by the MUQUEST TROJAN!

Adware downloader, identified by Panda antivirus as Trojan.Downloader.ALQ

EVGA graphic card utility providing easy access to display settings

Windows Resource Meter. Available via Start -> Programs. You may want this enabled if your PC is suffering from crashes and want to know potential causes

Softwarium Restore Desktop "is a Windows Context Menu addition that automatically saves and restores the icons' positions on the Windows desktop after a resolution change"

Added by the RETSAM TROJAN!

Part of the RadeonTweaker utility for overclocking ATI Radeon graphics cards

Added by the GIPMA TROJAN!

80-20 Retriever from 80-20 - "80-20 Retriever is a powerful personal search tool that encompasses email folders, archived email, and local or network file systems, giving users one point of fast, accurate search for all personal information". Real-time scheduler - shortcut available

EMC (was Dantz) Retrospect Express - backup software for external hardware storage devices

Control Application for M-Audio Revolution 7.1 sound card. The sound card will function without it - but changes to speaker setup and sound modification (Bass/Treble etc) will not be available

Intellisync for REX sychronization software for Xircom REX MicroPDAs for sharing information between the PDA and PC

Registry First Aid - scans the Windows registry for orphan file/folder references, finds these files or folders on your drives that may have been moved from their initial locations, and then corrects your registry entries to match the located files or folders

Reality Fusion GameCam Video Interaction Technology Software that comes with the Logitech QuickCam PC video camera and other USB cameras. It's only an icon that appears on your System Tray. Available via Start -> Programs

RAV AntiVirus

Rising antivirus

??

A browser plugin called the RichFX player. Here is a link to download RichFX's solution to removing the auto upgrade

Added by a variant of the BANLOAD family of TROJANS!

EuroFonts - adds Euro symbols to pre-Euro computers

RhinoBlocker - pop-up stopper

System tray access to Red Hot Pawn - online chess

Henbang adware variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

SafeSurfing adware

Only needed if you want a PC to answer faxes automatically

Added by the RIOSYS MACRO!

"Riorad Explorer is hands-down the most advanced Windows software companion for your Rio MP3 player"

RivaTuner for tweaking nVidia graphics cards. Required if you make any changes

RivaTuner for tweaking nVidia graphics cards. Required if you make any changes

RK Launcher by RaduKing - "is a free application that will allow the user to have a visually pleasing bar at the side of the screen that is used to quickly launch shortcuts"

Remote Control background application for Cyberlink's PowerDVD version 4 and above. Enables you to use a remote control with your DVD drive if your drive came with one. Not required if you don't have a remote control, or don't wish to use one

Added by the DLOADR-ANM TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "rmdrfje.dll" file is located in the Winnt or Windows folder

A module that contains COM components for media playback used by both RealPlayer and Windows Media Player - see here. The "rmoc3260.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Remote control driver for REALmagic Xcard. Is it required?

May be related to the DivX program as a *.dat file in the same directory had "DivXPro505Bundle.exe" mentioned within?

??

Roboform - password manager and web form filler. Will work without this startup entry, as the "active" component is an integrated Internet Explorer browser plugin

Roboform from Siber Systems. Automatically completes web forms. Available via Start -> Programs

Rocket.Time - time synchronization software from Rocket Software

"RocketDock is a smoothly animated, alpha blended application launcher. It provides a nice clean interface to drop shortcuts on for easy access and organization"

Rogue Remover PRO - utility to detect and remove misleading security programs masqerading as virus scanners, spyware removers, etc that lure people into buying them with false positives

??

Added by the RollBack Rx system restore program

??

Detected by Kaspersky as the AGENT.FJN TROJAN! See here

Roxio Assistant is designed to correct Engine Initialization errors. If Easy CD & DVD Creator's Engine does not initialize, the applications in Easy CD & DVD Creator will not recognize your recorder. After running this program you should receive the message "Engine initialized successfully with full recorder support". If you do not receive the message, update your Virus software and then check and clean your system for viruses. After the removal of any viruses, uninstall and then reinstall Easy CD & DVD Creator (use "Add Remove Programs" in "Control Panel"). Can be run manually

Part of Roxio EasyCD Creator 6.0 - places the Roxio AudioCentral icon in you system tray. "Includes a player, media manager, ripper, tag and sound editor - integrated in a single application". Not required for Roxio to work properly.

System Tray icon installed by Roxio Easy Media Creator 8 and which allows you to configure your watched folders or to turn the ?Watched Folders? feature of Roxio ON or OFF

Unicenter Remote Control (was Remotely Possible) from Enterprise International for remote control and access to Win9x/NT systems

Detected by Trend Micro as the SDBOT.FLY WORM! See here

Added by the SPAMMIT-E TROJAN!

Added by the RBOT-AE WORM!

Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see here

Added by the RBOT.ACP WORM!

Added by the LINEAG-ADI TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in an "addins" sub-folder

Troubleshooting utility for the RoadRunner cable internet service. Not required and you are advised to completely uninstall it. Provides a lot of false alarms and gets a lot of people panicking about there internet connection

Required on the GeFroce 64 meg MX card to show the full 64 meg memory and appears to be a software memory emulator running under the Win2K - see here. High CPU useage results - hence the U status

Added by the WAREZOV.C WORM!

Synchronizes a Casio PDA with MS Outlook

??

Detected by Kaspersky as the AGENT.NY TROJAN! See here

"Related Sites" toolbar - SearchAndClick hijacker variant

RssReader - a free RSS reader able to display any RSS and Atom news feed (XML)

Misleading security software such as AntiSpywareSuite, AntivirusPCSuite, SpyGuardPro, WinAntiVirus Pro 2006 - not recommended, see here

RTCDLL is "Real Time Communication" and is associated with Windows Messenger (the IM application, not messenger service). It is only necessary if you use Windows Messenger. Most people use MSN Messenger instead, so it is not required in those cases

Realtek HD Audio Sound Effect Manager

High definition audio codec driver from Realtek Semiconductor

Added by the TIOTUA-J TROJAN!

Monitor for RealTek network card

Cheyenne (now eTrust) antivirus

IRC trojan

Real-time virus scanner component of Norton Anti-Virus Corporate Edition

Configuration utility for the Netgear WG111 54 Mbps Wireless USB 2.0 Adapter that "provides wireless access to your desktop or notebook PC through the computer's USB port"

Added by the RUBY-B TROJAN!

Added by the MEXER.E WORM!

Added by the FIGHTRUB-A WORM!

Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis

Added by the LOVGATE.E WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)

Chinese originated browser hijacker - redirecting to 4199.com Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the BANCOS-DT TROJAN!

Added by the SDBOT-CWB WORM!

Advanced Startup Manager from Rays Lab

Added by the LOVGATE-F WORM!

Added by the APSTROJAN.OB TROJAN!

Not required but what is it?

Added by the NEODURK TROJAN!

Added by the MARIO-C WORM!

Added by the DOPBOT-A WORM!

Added by the STARTPA-HS TROJAN!

Added by the DELF.D TROJAN!

Added by the QQPASS-U TROJAN!

Added by the LADE WORM!

Flingstone.com browser hijacker. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "qkoszvd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the DELF-KT TROJAN!

Added by the MYTOB.IG WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Added by the QQPASS-AH TROJAN! Note - this is NOT the Windows system file of the same name as described here

Added by a variant of the SLAPER TROJAN!

Added by a number of VIRUSES, WORMS and TROJANS!

Added by the DVLDR TROJAN! Note - this is not the valid "Rundll32.exe" as it's in the WindowsFonts directory

System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Also disable the "NVIDIA Driver Helper Service" if enabled as it can cause this entry to be re-enabled on re-boot (note that this service can also cause extreme shutdown delays if enabled - see here)

System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties

Loads default settings for Leadtek Winfast graphics cards

Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. Tells the drivers that the connected Drives should use the "Write Back" Caching. You can disable this if you don't want to use "Write Back" Caching or if you have not connected any driver to your Promise Controller

Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller

Added by the SANKER WORM! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This one is is located in the Winnt or Windows folder

Associated with BlueTooth software, and registers the "Infrared Port properties" Control Panel applet. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup

Added by the DEMOTRY-A WORM!

Added by the AGENT-EZ TROJAN! Note - the real rundll32.exe resides in the System (9x/Me) or System32 (NT/2K/XP) folder whereas this file is found in a "SHELLEXT" subfolder

Added by the STARTPAGE.AXH TROJAN!

Added by the ROOKIE-A TROJAN!

Added by the DELF.BKC TROJAN!

System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel

Associated with a Logitech mouse - required for proper operation

ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality

Added by the GRUEL WORM!

BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the HUAYU WORM! Note - this is NOT the Windows system file of the same name as described here

Added by the NETDEVIL.B TROJAN!

Added by the DELF-HA TROJAN!

Added by the AGENT.SLZ TROJAN!

Added by the SMALL.CTV TROJAN!

Part of MS Data Access Components - only required if you use these

Added by the CHIR-B WORM!

Added by the RBOT-BWF WORM!

Added by the AGOBOT.QJ WORM!

Detected by PCTools as the DELF.ZWK TROJAN! See here

Added by the SMALL-CF TROJAN!

DesktopShield2000 by St?phane Groleau. Locks the desktop at bootup so that users cannot bypass the Windows screensaver password. Only essential if using the program and is an optional setting. It can be disabled from within

Added by a variant of the Tibs malware

Added by the ESEARCH-A TROJAN!

Added by the VB-AET TROJAN!

Added by the GHOST.23 TROJAN!

MegaTec Rups, UPS monitoring software - monitor and control DB9 UPS running on either Windows & Novell NetWare (with RUPS 2000) or Unix (with RUPS for Unix / Plus) operating systems

??

Added by the LINEAGE-BP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is found in the Windows or Winnt folder

Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"

Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"

Added by the DLOADR-AZZ TROJAN!

Added by the PWS-ANA TROJAN!

Added by the LINEAGE.BDP TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is found in an "Intel" sub-folder of the Windows or Winnt folder

Radmin - remote admistrator server

AT&T or ComCast BBClient - monitors system and network-delivered services for availability. Your current network status is displayed on a color-coded web page in near-real time. When problems are detected, you're immediately notified by e-mail, pager, or text messaging

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "sfgupd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Browser hijacker - redirecting to Searchant.com. Note - the real Tweak UI entry for this is "rundll32.exe tweakui.cpl, tweakmeup". Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the AKBOT.BE WORM! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "savsvc.dll" file is found in %System%

Added by the SPYBOT-EJ WORM!

Control for Soundblaster MP3 external (USB) sound card

All-In-One_SPY stealth monitoring software - allows monitoring and recording of all actions performed on a computer. It records all keystrokes, remembers addresses of Internet pages visited, and maintains a log file listing all applicationsrun on the computer. It can create screenshots and record sounds from the computer's microphone to a sound file

MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder

Detected by Symantec as the SILLYFDC WORM! See here

Added by the BANCOS-BM TROJAN!

Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. May be necessary in order to maintain preferences applied to the RAID array connected to the Promise controller

Added by the QQPASS-K TROJAN!

Added by the QQPASS-AC TROJAN!

Regfile in disguise - another CoolWebSearch parasite variant

Added by the AGENT.BUO WORM!

Homepage hijacker re-directing browsers to adult content websites

Added by the HANDLE-A VIRUS!

LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "si91e44b.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

Responsible for power management for SIS chipsets - is it required?

Added by the HOLCAS.A WORM!

Added by a variant of the ORCU.B TROJAN!

Added by the SDBOT-QC WORM!

Added by the AGOBOT.MT WORM!

PurityScan/Clickspring adware

Added by a variant of the RBOT WORM!

??

SoftwareOnline Intelligent Downloader - "Bundle engine to enable download of end user approved third party applications and reporting of installs for billing purposes only". Said to monitor user's browsing habits and display pop-up ads

Control panel item for the Terratec DMX Xfire 1024 soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?

Control panel item for Hercules Fortissimo soundcards (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?

Control panel item for a Terratec soundcard (Start -> Settings -> Control Panel) based upon a Cirrus Logic "SoundFusion" DSP. Does it need to run at start-up every time?

Malicious javascript annoyance that changes the default search engine in IE to one of many including "topsearcher". See here for more and a fix

Added by the ABLANK-W and ABLANK-Z TROJANS!

IconAds adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "spads.dll" file is located in the Winnt or Windows folder

AdRotator adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "sprt_ads.dll" file is located in the Winnt or Windows folder

Related to Creative audio products. What does it do and is it required?

??

IE search hijacker - changes the default search to http://www.hotsearchbox.com/ie/

Unidentified, but not known to belong to any known spyware remover, and strongly suspected to be adware related!

CoolWebSearch parasite variant - also detected by Kaspersky as the AGENT.FC TROJAN!

Related to ZoneAlarm. What does it do and is it required?

Created by execution of the Windows XP sr.inf file, which installs the Windows XP System Restore feature, needed for example when installing System Restore into Windows Server 2003. Does this indeed need to run at every bootup?

Topantispyware.com malware - detected by Kaspersky as the SPYRE.B TROJAN!

Added by a variant of the BIFROSE-LV TROJAN!

Added by a variant of the SDBOT WORM!

Added by the EDEPOL-C TROJAN!

Added by the JAVAKILLER TROJAN!

Hijacker pointing to www.searchandclick.com

BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the ZLOB-VL TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "supdate2.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder

SurfBuddy adware - not to be confused with the legitimate SurfBuddy application by SurfApps!. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by the STARTPA-PB TROJAN!

Added by the AGENT-DSS TROJAN!

StealthWeblog surveillance software. Uninstall this software unless you put it there yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by a variant of the FORBOT WORM!

Added by the FORBOT-FM WORM!

Hijacker

CoolWebSearch parasite variant - also detected as the FEMAD-L TROJAN!

Added by the CHANGGAME TROJAN!

Added by the RANDEX.ATX WORM!

CoolWebSearch PnP parasite variant

Added by the STARTPAGE-FN TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "pcsearch.reg" file is located in the Winnt or Windows folder

Added by the STARTPA-ME TROJAN! Note that regedit.exe is a legitimate Microsoft file and shouldn't be deleted. The "sysreg.reg" file is located in the Winnt or Windows folder

Added by the LANFILT TROJAN!

Homepage hijacker

XPCSpy Pro keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted

Added by a variant of the OPTIX TROJAN!

Added by the RBOT-WU WORM!